Rodenburg Law Firm this week confirmed it notified 81,307 people of an August 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Dates of birth
- Payment card numbers
- Medical conditions
- Treatment info
According to a data breach notice published by Maine’s attorney general, the breach at the debt recovery law firm occurred on August 26, 2025.
A cybercriminal group called Akira took credit for the breach in December 2025. On the group’s data leak site, Akira said it stole 144 GB from Rodenburg. Akira claimed it had stolen employee info, confidential legal files, court hearings, and client info.
Rodenburg Law Firm has not acknowledged Akira’s claim and Comparitech cannot independently verify it. We do not know how attackers breached Rodenburg’s systems, if the law firm paid a ransom, or how much Akira demanded. Comparitech contacted Rodenberg Law Firm for comment and will update this article if it replies.
“On August 26, 2025, Rodenburg discovered potentially anomalous activity in its environment,” says the firm’s notice to breach victims.
“Further assessment and investigation into the observed activity revealed unauthorized access into the Rodenburg network environment by an unknown third party for a short span of time. This incident was limited to the Rodenburg network environment only. Our investigation determined that certain files in the Rodenburg environment were exposed to the unauthorized actor. Following a thorough investigation of the impacted data which concluded on March 20, 2026, we discovered that your personal information was exposed.”
The firm is offering 12 months of free credit monitoring to breach victims through TransUnion. The deadline to enroll is 90 days from the date on the notice letter.
Who is Akira?
Akira is a ransomware gang that first emerged in March 2023. Its targets tend to be small- to medium-sized businesses across a range of industries: education, finance, manufacturing, real estate, and healthcare. Akira’s malware both locks down computer systems and steals data. The group then demands a ransom to restore those systems and secure stolen data.
In 2025, Akira claimed responsibility for 772 ransomware attacks. Of those, 112 were confirmed by the organizations targeted.
Nine of those confirmed attacks hit legal firms in the USA. In addition to Rodenburg, Akira took credit for the following:
- Cohn Lifland Pearlman Herrmann & Knopf (NJ) reported a March 2025 data breach
- Murphy, Pearson, Bradley & Feeney (CA) reported an April 2025 breach
- Martin Showers Smith & McDonald (TX) notified at least 459 people of a May 2025 data breach
- Imblum Law Offices (PA) reported a May 2025 data breach
- Cutcliffe Archetto & Santilli (RI) notified 749 people of a May 2025 data breach
- Markowitz, Ringel, Trusty & Hartog (FL) reported an August 2025 data breach
- Gorlick, Kravitz & Listhaus (NY) was part of a group of five companies that reported a breach in September 2025
- Gregory A Burrell Chapter 13 Trustee (MN) notified 4,082 people of an October 2025 data breach
Akira has claimed responsibility for 248 more ransomware attacks in 2026 to date, 14 of which have been confirmed so far.
Ransomware on US law firms
Comparitech researchers logged 36 confirmed ransomware attacks on US law firms and other legal companies in 2025. Those firms in turn notified 318,676 data breach victims that their personal information was compromised.
This breach at Rodenburg is the largest known breach on a US law firm to date by number of records affected. It’s followed by:
- Chapter 13 Trustee Office of Rod Danielson notified 63,857 people of a December 2025 data breach claimed by Inc Ransomware
- Davies, McFarland, & Carroll notified 54,712 people of a May 2025 data breach claimed by Lynx
In 2026 so far, we’ve recorded three such attacks:
- Katz, Kantor, Stonestreet, & Buckner reported a February 2026 data breach
- Jones Day reported a March 2026 data breach for which ransomware group Silent demanded $13 million
- Robinette Legal Group reported a March 2026 ransomware attack
Ransomware attacks on US law firms can jeopardize sensitive client data and lock down computer systems used for everything from file storage to communication and payroll. If a firm doesn’t pay the ransom, then an attack can cause costly delays and downtime while putting clients at increased risk of fraud and privacy violations.
About Rodenburg Law Firm
Founded in 1976, Rodenburg Law Firm is a debt recovery law firm with offices in Fargo and Bismark, North Dakota. Its services cover North Dakota, Minnesota, Montana, South Dakota, and Wyoming. The firm represents collection agencies, commercial forwarders, lenders, auto and consumer finance companies, debt buyers, colleges, healthcare organizations, and other creditors.
Rodenburg is one of the largest 100 consumer collection law firms by volume in the country, according to the firm’s website.
